Blog Archives

Before I discuss some of the more technical details of defending against “lizamoon” and similar attacks, an important note for any business executives who may stumble across this article or hear about it secondhand:

PCI

If you're doing ecommerce, PCI compliance is a must!

In an ideal scenario, every developer would follow good coding practice such as SQL command parameterization, but realistically, depending on the language and framework used, this is sometimes difficult or simply forgotten.

PCI compliance, or at least awareness of the OWASP guidance and the PCI DSS 2.0 standard, should be a priority for anyone who is in, or looking to get into, ecommerce.

These standards outline specific safeguards, and in the case of compliance, verify those safeguards with assessment scans that help developers identify and fix potential security flaws.

lizamoon

This latest attack, live and in the wild at the time of writing, is getting quite a lot of attention for the sheer number of businesses affected.

In terms of rarity or complexity, it is nothing exotic: some cleverly crafted SQL injection that plants a reference to the attackers' domain in your site's stored content, and it can be avoided altogether with SQL command parameterization.
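To make the parameterization point concrete, here is an added example (not code from the original post, and not the attack itself): a constructed SQLite product catalogue, a lookup that concatenates user input into SQL, and the same lookup with a bound parameter. The payload is hypothetical, shaped after the post's description of content being pointed at lizamoon.com; `executescript()` stands in for a database driver that runs stacked statements, which `sqlite3`'s `execute()` refuses.

```python
import sqlite3

# Constructed demo catalogue standing in for an ecommerce database.
# (Added example; not code from the post or from any vendor platform.)
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT);
INSERT INTO products VALUES (1, 'Widget', 'A fine widget.');
INSERT INTO products VALUES (2, 'Gadget', 'A fine gadget.');
"""

# Hypothetical payload in the shape the post describes: a request parameter
# that closes the intended query and appends markup pointing at lizamoon.com
# to every row. The exact string used in the wild is not reproduced here.
PAYLOAD = ("1; UPDATE products SET description = description || "
           "'<script src=\"http://lizamoon.com/\"></script>'")


def fresh_db():
    """Return a new in-memory catalogue loaded with the sample rows."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def lookup_vulnerable(con, product_id):
    """Builds the query by string concatenation, so the caller's input
    becomes SQL. executescript() mimics a driver that executes stacked
    statements (classic ASP/ADO against SQL Server does); sqlite3's own
    execute() would reject the second statement."""
    con.executescript(
        "SELECT name, description FROM products WHERE id = " + product_id)


def lookup_safe(con, product_id):
    """Parameterized: the value is bound by the driver and never parsed as
    SQL. A payload simply fails to match any id; nothing else runs."""
    return con.execute(
        "SELECT name, description FROM products WHERE id = ?",
        (product_id,)).fetchall()


def infected_rows(con):
    """Ids of products whose description now carries injected markup."""
    return [row[0] for row in con.execute(
        "SELECT id FROM products WHERE description LIKE '%<script%'")]


if __name__ == "__main__":
    con = fresh_db()
    lookup_vulnerable(con, PAYLOAD)
    print("vulnerable lookup, infected rows:", infected_rows(con))   # [1, 2]

    con = fresh_db()
    print("safe lookup, rows returned:", lookup_safe(con, PAYLOAD))  # []
    print("safe lookup, infected rows:", infected_rows(con))         # []
```

The vulnerable path never returns the attacker anything useful; the damage is that the UPDATE silently rewrites every product description, which is exactly why a compromised site keeps serving the injected reference to every visitor until the rows are cleaned. The parameterized path binds the whole payload as one value, which matches no id and executes nothing else.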

However, if you were hit by this attack and are running a system your own developers did not write, you are in a much tougher position, since you probably cannot modify the code directly or even identify the attack's point of entry.

As a quick fix and temporary workaround until your vendor releases a patch, go through the following checklist:

1) Find out which ecommerce or web platform you are using that has been compromised, and open a support ticket or initiate a support call with your vendor.
2) Check with your webmaster, hosting provider or IT department whether you are on shared or cloud hosting, virtual dedicated hosting, or a dedicated server.
3) If you are on shared hosting, begin migrating to a virtual dedicated or dedicated host, since you will not be able to make the changes below on a shared or cloud host.
4) If you are on a virtual or fully dedicated plan, or newly migrated from shared hosting, note whether you have a Windows or Linux machine.
5) On Windows, navigate to C:\windows\system32\drivers\etc\; on Linux, go to /etc/. Note this path.
6) On Windows, open Notepad (right-click and Run as administrator on Vista or later); on Linux, open your favorite text editor as root or via sudo.
7) In your text editor, open the “hosts” file located at the path you noted in step 5.
8) Add a new line pointing the lizamoon domain to your loopback address (see the line below).

127.0.0.1 lizamoon.com

How this works:

The hosts file maps hostnames and domains to IP addresses (not the other way round) and takes precedence over the answer you would otherwise get from your DNS provider. The caveat that matters here: it only changes name resolution on the machine whose hosts file you edited.

For your ecommerce site, that means the entry covers less than you might hope. The link or script tag the attackers injected is served to your shoppers inside your pages, and it is each shopper's browser that resolves lizamoon.com, using the shopper's own DNS, not your server's hosts file. The entry only affects requests your own server makes to lizamoon.com (for instance, if server-side code fetches or proxies the injected URL); those now land on the loopback address, where your own web server answers, so the request ends up at your site root (usually the homepage) instead of at lizamoon.com as the attackers intended (no one knows yet why they are sending people there). A shopper's browser following the injected reference is not stopped by it.

So treat this as a stopgap that buys a little time, not as protection for your shoppers. The injected content is still stored in your database and still served, so the interim step that actually reduces their risk is to find the injected string in your database text columns and strip it, while you hunt down or wait for a permanent patch that closes the injection point. I would highly advise anyone affected by this attack to consider a PCI audit, or at least a security consultation regarding their ecommerce or web application.
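The check a practitioner would want alongside the hosts-file entry, as an added example (not code from the original post or from any vendor platform): scan every text column in the database for a script tag pointing at lizamoon.com, report where it landed, and strip it. The sample database, its table and column names, and the exact tag are constructed for the demo; the regex assumes the injected markup is a script tag and should be adjusted to whatever string actually appears in your tables.

```python
import re
import sqlite3

# Constructed sample: two tables whose text columns already carry a
# LizaMoon-style injected script tag. (Added example; not the post's code.)
INJECTED = '<script src="http://lizamoon.com/"></script>'
SAMPLE_DB = f"""
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT);
CREATE TABLE reviews (id INTEGER PRIMARY KEY, product_id INTEGER, body TEXT);
INSERT INTO products VALUES (1, 'Widget', 'A fine widget.{INJECTED}');
INSERT INTO products VALUES (2, 'Gadget', 'A fine gadget.');
INSERT INTO reviews  VALUES (1, 1, 'Works great.{INJECTED}');
"""

# A script tag whose src points at the domain the post names, tolerant of
# quoting and whitespace variations. Adjust to the string found in your data.
SCRIPT_TAG = re.compile(
    r'<script[^>]*src\s*=\s*["\']?https?://lizamoon\.com[^>]*>\s*</script>',
    re.IGNORECASE)


def load_sample():
    """Return an in-memory connection loaded with the constructed sample."""
    con = sqlite3.connect(":memory:")
    con.executescript(SAMPLE_DB)
    return con


def text_columns(con):
    """List (table, column) for every TEXT column in user tables.
    Names come from the schema catalogue, not from user input, and are
    double-quoted because identifiers cannot be bound as parameters."""
    cols = []
    tables = con.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'").fetchall()
    for (table,) in tables:
        for _cid, name, ctype, *_rest in con.execute(
                f'PRAGMA table_info("{table}")').fetchall():
            if (ctype or "").upper().startswith("TEXT"):
                cols.append((table, name))
    return cols


def find_injected(con):
    """Map (table, column) -> [rowid, ...] for cells holding the tag.
    A cheap LIKE prefilter narrows the scan; the regex confirms each hit."""
    hits = {}
    for table, col in text_columns(con):
        rows = con.execute(
            f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?',
            ("%lizamoon.com%",)).fetchall()
        ids = [rid for rid, val in rows if val and SCRIPT_TAG.search(val)]
        if ids:
            hits[(table, col)] = ids
    return hits


def strip_injected(con):
    """Remove the tag from every hit and return the number of cells cleaned.
    The new value is bound as a parameter; only identifiers are interpolated."""
    cleaned = 0
    for (table, col), ids in find_injected(con).items():
        for rid in ids:
            (val,) = con.execute(
                f'SELECT "{col}" FROM "{table}" WHERE rowid = ?', (rid,)).fetchone()
            con.execute(
                f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?',
                (SCRIPT_TAG.sub("", val), rid))
            cleaned += 1
    con.commit()
    return cleaned


if __name__ == "__main__":
    con = load_sample()
    print("before:", find_injected(con))
    print("cleaned cells:", strip_injected(con))   # 2
    print("after:", find_injected(con))            # {}
```

Run `find_injected` first and keep its output: the tables and columns it names tell you which input fields feed those columns, which is usually the quickest route to the injection point your vendor needs to patch. Take a backup before `strip_injected`, and re-run the scan afterwards; if the hits come back, the entry point is still open and cleaning alone will not hold.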

Quotes

If we pummel through it and remain determined and follow through.. will that determine victory? (11/12/2013, Ronnie D.)

The formula for success is an equation with quantity, quality and perception. Everything else is anyone's guess. (11/1/2013, Ronnie D.)

World full of automation demands a new breed of worker. (3/3/2013, Ronnie D.)

Even the smallest piece of life contains a symphony of miracles. (8/13/2012, Ronnie D.)

Once your brain crosses over the threshold of limits you've been taught that define you, it's hard to turn back. (2/6/2012, Ronnie D.)

The flow of information can be redirected, but never cut off. (Winter 2010, Ronnie D.)

I don't like unknowns. It's not the truth that bothers me, it's wondering what that truth is. (Winter 2010, Ronnie D.)

We are nodes on the hive brain of the internet - the evolutionary collective consciousness... where each thought is merely a fraction of the blogosphere. (Summer 2008, Ronnie D.)

No one person thinks of a single idea. Every idea and its variations always seem to spring forth simultaneously... it's as if there is a large pool somewhere filled with all ideas that we pull from. (Spring 2003, Ronnie D.)

Deep in our genetic structure, there lie dormant traits and attributes which are activated conditionally, outside of heredity. This has not yet been proven, but I have a gut feeling... and will guarantee that these innate qualities have already surfaced. (Summer 2002, Ronnie D.)